Lately, I’ve been doing FIPS related work for Red Hat, and I’ve spend way too much time rebooting kernels and debugging dracut. So when I recently saw fellow cypherpunks Ian Goldberg’s work on SkypeMorph, I was reminded of another project at the University of Waterloo, The Nearby Friend plugin for Off The Record.

For those who don’t know, Off-The-Record is an encryption protocol for Instant Messaging. It has some properties that are unlike regular encrypted chats. It offers repudiation, that is you can deny you said something, as no digital signatures are used to sign your messages with a private key only you would possess. A more recent addition to that protocol is an implementation of a PET paper Louis, Lester and Pierre: Three Protocols for Location Privacy. Using an OTR secured chat, you can exchange your location information in a special mathematical way so that you only reveal your location if the other person is within a certain range of you (which both parties set individually). Say you set your location to 10km. You can run this protocol with your 500 friends, but you are not sharing your actual location with them. But if any of your friends come within a 10km range of you, and they also have their setting to 10km or less, then the two of you will actually exchange your physical location. This gives you much more privacy then telling some central authority your location and then trusting that entity to only share it with people you approve of.

Of course, to do this, we need to actually know our location. These days, the most common method for that is to use a combinatin of GPS and wifi signals. And in fact, just the wifi signals are usually enough. A disadvantage of this method is that you are sending your wifi signal information to a central party, and that third party then tells (and knows!) your location, though they only know who you are based on a hopefully ever-changing IP address.

I had looked at the NearbyFriend pidgin plugin years ago, but it used a proprietary interface and database by SkyHook, so I stopped looking at it. I checked it again a few days ago, and the code has been sitting there unchanged for years. So I googled around for some alternatives, and found some code by Francis Markham at http://code.google.com/p/geolocate-cli/. It uses the Google Location API. Although Google does some evil these days, I do still believe they are still mostly good. And when questioning them for this information, you do not need to tell them who you are, so it is still somewhat anonymous. The nice thing about the Google API is that even if you have no wifi signals, it will tell you your location based on the IP address you queried them from.

It was written in python and setup to be quite modular, but with many of the modules not working and strange module names that are annoying to install on full systems (like misc.py and plugins.py). So instead of trying to package it up, I stripped it down to a minimum and put it all in a single python script.

For Nearby Friend, I just need the latitude and longitude, so I added a “-s” option to make that much easier

[paul@bofh ~]$ geome -s
43.6525
-79.381667

(I’ll update the example with a wifi one, once I’m not actually at home :)

I already ripped out the Skyhook code from NearbyFriend, needed because I don’t even want the header files that contain the proprietary API inside any opensource software package. Over the next few days I hope to finish up the integration of geome with NearbyFriends and push a package into Fedora.